Examples of these reports include help desk tickets submitted and completed, security project status, the number of security scans finished and their results, and an inventory of hardware and software connected to your network. Among your audience, these metrics are particularly relevant to your boss, IT management peers and your security team.
This is the number of reported security incidents and their statuses, such as success or failure, financial and reputational impact, after-action reports, and legal statuses. The target audience for these includes your manager, his or her manager and your board of directors or trustees.
These metrics show how effective your security controls, services and training are in complying with the security or data standards your organization must adhere to. For these, your most pertinent audience includes management, internal auditors and units involved with regulatory compliance.
These metrics are similar to the compliance metrics, but they also show the value of your security controls, services and training. Additionally, they should show areas that need improvement, along with your progress in meeting your organization’s business goals.